On Thu, Aug 01, 2002 at 01:28:41PM -0700, [EMAIL PROTECTED] wrote:
>
> The rpm --checksig verification function appears to be broken.
> (I am using RH 7.3 and rpm-4.0.4-7x.18)
> I changed one byte in an rpm file using hexedit then ran rpm --checksig.
> rpm still printed out: "md5 gpg OK"
[...]
> using hexedit I changed byte 0x46 to 0x22 (it was 0x00) in
> xchat-1.8.9-1.73.0.i386.rpm
[...]
> rpm --checksig xchat*
> xchat-1.8.9-1.73.0.i386.rpm: md5 gpg OK
> xchat-1.8.9-1.73.0.i386.rpm.org: md5 gpg OK
>
> WHY DIDN'T rpm --checksig INDICATE AN ERROR IN xchat-1.8.9-1.73.0.i386.rpm ?
What is hanging out near byte 0x46 in an rpm file? I am guessing that that is dead space, cruft, padding, or something else that doesn't matter.

I tried a similar experiment. I grabbed zlib-1.1.3-25.7.i386.rpm, but I waded further into the file until I found what looked like compressed binary data and I changed a byte there. Indeed, --checksig noticed my change.

For another experiment I went to byte 0x515 of zlib-1.1.3-25.7.i386.rpm where I found some English language text and I changed an "e" to an "E". Again, --checksig found the change.

Note that rpm files are not simple byte streams; there is a lot of structure in there. I think that the signature is knowledgeable of that structure and you changed dead space that didn't participate in anything real.

It is similarly possible to change a bit in a database file and not hit anything real either. Or change a random bit on a disk; you also might not hit anything real. And in the case of the disk, a file compare and fsck might both see nothing changed.

-kb, the Kent who also uses "rpm --checksig" on a regular basis and who doesn't think there is anything to worry about here.

--
redhat-list mailing list
Unsubscribe mailto:[EMAIL PROTECTED]?subject=unsubscribe
https://listman.redhat.com/mailman/listinfo/redhat-list
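The following is an added example, not part of the thread and not rpm's own code. It models the RPM on-disk layout (a fixed 96-byte lead, then a signature header structure padded to 8 bytes, then the main header and the payload; the digests stored in the signature header cover only the header plus payload region) and shows why an edit at offset 0x46, which falls inside the lead, leaves that digest unchanged while an edit to a byte in the payload does not. The package bytes are constructed here as a stand-in for xchat-1.8.9-1.73.0.i386.rpm; the helper names and the empty main header are this example's own simplifications.

```python
"""Which bytes of an RPM-style file does the signature digest actually cover?

Constructed example: builds a minimal RPM-shaped byte string (lead, signature
header, main header, payload) and computes a digest the way rpm's signature
check does, over header + payload only, so edits to the lead go unnoticed.
"""
import hashlib
import struct

LEAD_SIZE = 96                       # RPM lead is a fixed 96-byte struct
LEAD_MAGIC = b"\xed\xab\xee\xdb"
HEADER_MAGIC = b"\x8e\xad\xe8\x01"   # header-structure magic (3 bytes) + version 1


def build_lead(name: bytes) -> bytes:
    """Lead layout: magic, major, minor, type, archnum, name[66], osnum, sigtype, reserved[16]."""
    return struct.pack(">4sBBhh66shh16s", LEAD_MAGIC, 3, 0, 0, 1,
                       name.ljust(66, b"\x00"), 1, 5, b"\x00" * 16)


def build_header_structure(index: list[tuple[int, int, int, int]], store: bytes) -> bytes:
    """Header structure: magic, reserved[4], nindex, hsize, 16-byte index entries, data store."""
    entries = b"".join(struct.pack(">iiii", tag, typ, off, cnt) for tag, typ, off, cnt in index)
    return HEADER_MAGIC + b"\x00" * 4 + struct.pack(">ii", len(index), len(store)) + entries + store


def header_structure_len(data: bytes, start: int) -> int:
    """Total size of the header structure beginning at `start`, read from its nindex/hsize."""
    if data[start:start + 4] != HEADER_MAGIC:
        raise ValueError(f"no header structure at offset {start:#x}")
    nindex, hsize = struct.unpack(">ii", data[start + 8:start + 16])
    return 16 + 16 * nindex + hsize


def locate_regions(data: bytes) -> dict[str, tuple[int, int]]:
    """Return (start, end) byte ranges of the lead, the signature header and the signed region."""
    if data[:4] != LEAD_MAGIC:
        raise ValueError("not an RPM lead")
    sig_len = header_structure_len(data, LEAD_SIZE)
    sig_len += (-sig_len) % 8          # signature header is padded to an 8-byte boundary
    signed_start = LEAD_SIZE + sig_len
    return {
        "lead": (0, LEAD_SIZE),
        "signature": (LEAD_SIZE, signed_start),
        "signed": (signed_start, len(data)),   # main header + payload: what the digests cover
    }


def classify_offset(data: bytes, offset: int) -> str:
    """Name the region a file offset falls in, i.e. whether an edit there is covered by the digest."""
    for region, (start, end) in locate_regions(data).items():
        if start <= offset < end:
            return region
    raise IndexError(offset)


def signed_digest(data: bytes) -> str:
    """MD5 over header + payload, mirroring the 'md5' result that rpm --checksig reports."""
    start, end = locate_regions(data)["signed"]
    return hashlib.md5(data[start:end]).hexdigest()


def flip_byte(data: bytes, offset: int, value: int) -> bytes:
    buf = bytearray(data)
    buf[offset] = value
    return bytes(buf)


def build_sample_package() -> bytes:
    """Constructed stand-in for xchat-1.8.9-1.73.0.i386.rpm; not the real package's contents."""
    lead = build_lead(b"xchat-1.8.9-1.73.0")          # name is NUL-padded, so 0x46 is padding
    # one BIN entry (tag 1004 = MD5 of header+payload) with a 16-byte placeholder store
    sig = build_header_structure([(1004, 7, 0, 16)], b"\x00" * 16)
    sig += b"\x00" * ((-len(sig)) % 8)
    main_header = build_header_structure([], b"")   # simplification: an empty main header
    payload = b"some english text standing in for the compressed cpio archive"
    return lead + sig + main_header + payload


def demo(offset: int) -> tuple[str, bool]:
    """Edit one byte at `offset` (to 0x22, as in the report) and say whether the digest changes."""
    pkg = build_sample_package()
    region = classify_offset(pkg, offset)
    detected = signed_digest(flip_byte(pkg, offset, 0x22)) != signed_digest(pkg)
    return region, detected


if __name__ == "__main__":
    pkg = build_sample_package()
    payload_e = pkg.index(b"e", locate_regions(pkg)["signed"][0])   # an "e" in the payload
    for off in (0x46, payload_e):
        region, detected = demo(off)
        print(f"offset {off:#x}: in {region}, edit detected by digest: {detected}")
```

The point for a verifier is that "md5 gpg OK" is a statement about the signed region, not about every byte on disk; a file-level hash (for example the distribution's published checksum of the whole .rpm) is the check that would have caught the edit at 0x46.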